Six Steps to Strong, Cohesive Cybersecurity
Posted by: GuidePoint Security
Published 10/19/2021, 9:00am
A strong, cohesive, and focused cybersecurity program, with components and teams that work together, is necessary to ensure protection from evolving threats. Unfortunately, many organizations find themselves attempting to build a functional cybersecurity program while facing a variety of roadblocks and inefficiencies, such as fragmented and underutilized tools and technologies, siloed and overworked teams, and a lack of executive buy-in.
In this blog, we’ll look at how challenges in the current cybersecurity environment contribute to problems that make organizations ripe for attack. We’ll also explore what businesses can do to improve the functionality of their security environment.
Too Many Tools and Technologies
There is a common assumption when it comes to cybersecurity tools and technologies that more is better—that is, layer on one more detection solution, additional endpoint and email protection, and more firewalls, and the business then has a handle on its security. What happens most often when approaching security this way is reduced detection and response capability, bad implementations, and wasted dollars.
Overworked and Insufficient Staff
With bad implementations come improper configurations, followed by false positives and alerts that lack context, causing alert fatigue and overwork. Overworked staff regularly results in high turnover, and replacing lost staff is no easy task these days. The cybersecurity skills gap is real, with some estimates suggesting that there is currently a shortage of over three million cybersecurity professionals.
The improper configuration and structure of many corporate cybersecurity programs can worsen the skills gap, with security personnel reporting that increasing workloads and alert fatigue have driven them away from cybersecurity careers. Staff departures also contribute to brain drain, with personnel taking crucial institutional knowledge with them when they leave.
Disconnected, Decentralized, and Disorganized Security Environments
With insufficient staff, cybersecurity salaries are being driven sky-high, putting strain on already-strapped cybersecurity budgets. This in turn creates a situation where organizations turn to multiple external security experts to fill the gaps. While this approach can be effective in certain situations, too many different security vendors all doing different jobs creates a disconnected, decentralized, and disorganized security environment. The tools and technologies used by each security vendor may not integrate with those of other vendors, and each vendor may use a different report type and format. In this scenario, businesses find themselves without a common or connecting thread that ties the security program together cohesively.
Busy CISOs
With massive ransomware attacks and breaches becoming an almost daily occurrence, there is undoubtedly a feeling among CISOs that the weight of the world (or at least the weight of the organization) is resting on their shoulders. With decision-making and budget power often in the hands of non-technically oriented executives, CISOs find themselves bridging the gap between IT and the C-suite, translating complex technical reports into budgets and buy-in. If multiple security vendors are added into the mix, the CISO also has the unenviable task of reviewing numerous disparate reports and recommendations and then decoding everything into a handful of bite-sized messages for presentation to executives. This is no easy task, even for the most seasoned CISO, and the result is often that executives and the board misunderstand or gloss over critical security needs.
Six Steps to Cohesive Security
To effectively manage challenges within the current security environment, businesses should incorporate these steps into their security processes:
- Inventory—Know your environment, including what security assets you own. Conduct an inventory, making a list of each asset’s security function. Rank them by extent of use and criticality.
- Assess—Using standards like the Capability Maturity Model, determine the maturity level of each security practice within your organization, incorporating your security tools and technologies and how your team uses them.
- Identify—With an objective assessment complete, identify areas for improvement.
- Prioritize—With security gaps identified, prioritize next steps using a risk-based model.
- Implement—Develop a plan based on your inventory, assessment, identification, and prioritization. Use the plan to help educate and obtain buy-in from decision makers.
- Test Continuously—Engage in regular testing, such as penetration testing, red and blue team exercises, tabletop scenarios, etc., to ensure you continue to understand security gaps and to create improvements.
Approaching security holistically, in which programs and people shift to something more interconnected, collaborative, and continuous, can go a long way to improving an organization’s overall security posture. Getting to this point involves establishing a functional baseline through improved visibility into tools and techniques, creating scalability within the program to remediate security gaps, and building controls through continuous validation and testing.
To get a more in-depth description of how your organization can create a strong and cohesive cybersecurity program, download our white paper on Strategies for Building Cohesive Security Programs.